The Locky ransomware has been dubbed one of ‘September’s Most Wanted’ malware after attacks surged by 11.5% across the world last month – spurred in part by the Necurs botnet.
The Locky malware is one of the most prevalent ransomware families, spreading through spam emails with attached downloaders in Word or ZIP attachments and macros.
“When users activate these macros – usually via a social engineering instruction – the attachment downloads and installs the malware that encrypts the user files. A message directs the user to download the Tor browser and visit a webpage demanding a bitcoin payment,” the company explains.
It is the first time that the Locky attacks have made it inside the top 10 list of malware since November 2016, according to Check Point’s Global Threat Impact Index, beaten only by a large-scale malvertising campaign called RoughTed.
RoughTed is malvertising that delivers malicious websites and payloads including scams, adware, exploit kits and ransomware. It is able to bypass adblockers to ensure its attacks are delivered.
Rounding out the top three ‘Most wanted’ malware is Globeimposter, a ransomware variant of the Globe ransomware. Discovered in May 2017, it is distributed by spam campaigns, malvertising and exploit kits.
“If any organizations were still in doubt about the seriousness of the ransomware threat, these statistics should make them think twice,” comments Maya Horowitz, Threat Intelligence, Group Manager at Check Point.
“We’ve got ransomware taking up two of the top three spots – one a relatively new variant that just emerged this year, and the other an older family that has just had a massive reboot. All it takes is for a single employee to be taken in by a social engineering trick, and organizations can be placed in a hugely compromising position,” Horowitz continues.
The Index also looked at mobile malware, which noted a shift in popularity of the Triada android backdoor.
Top 3 ‘Most Wanted’ mobile malware:
1. Triada - Modular Backdoor for Android which grants superuser privileges to downloaded malware, and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.
2. Hiddad - Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads, however it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.
3. Lotoor - Hack tool that exploits vulnerabilities on Android operating systems in order to gain root privileges on compromised mobile devices.